Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-08-11FireEyeNick Schroeder, Harris Ansari, Brendan McKeague, Tim Martin, Alex Pennino
@online{schroeder:20200811:cookiejar:8fd0fd9, author = {Nick Schroeder and Harris Ansari and Brendan McKeague and Tim Martin and Alex Pennino}, title = {{COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module}}, date = {2020-08-11}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/08/cookiejar-tracking-adversaries-with-fireeye-endpoint-security-module.html}, language = {English}, urldate = {2020-08-14} } COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module
2020-08-06FireEyeNhan Huynh
@online{huynh:20200806:bypassing:83c2a87, author = {Nhan Huynh}, title = {{Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach}}, date = {2020-08-06}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/08/bypassing-masslogger-anti-analysis-man-in-the-middle-approach.html}, language = {English}, urldate = {2020-08-12} } Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach
MASS Logger
2020-07-30FireEyeJoseph Hladik, Josh Fleischer
@online{hladik:20200730:obscured:41a50f3, author = {Joseph Hladik and Josh Fleischer}, title = {{Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates}}, date = {2020-07-30}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html}, language = {English}, urldate = {2020-08-05} } Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates
2020-07-15FireEyeNathan Brubaker, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Corey Hildebrandt
@online{brubaker:20200715:financially:f217555, author = {Nathan Brubaker and Daniel Kapellmann Zafra and Keith Lunden and Ken Proska and Corey Hildebrandt}, title = {{Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families}}, date = {2020-07-15}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html}, language = {English}, urldate = {2020-07-16} } Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
DoppelPaymer LockerGoga Maze MegaCortex Nefilim Ransomware Snake Ransomware
2020-07-13FireEyeAndrew Thompson, Aaron Stephens
@online{thompson:20200713:scandalous:15d59a2, author = {Andrew Thompson and Aaron Stephens}, title = {{SCANdalous! (External Detection Using Network Scan Data and Automation)}}, date = {2020-07-13}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/07/scandalous-external-detection-using-network-scan-data-and-automation.html}, language = {English}, urldate = {2020-07-15} } SCANdalous! (External Detection Using Network Scan Data and Automation)
POWERTON QUADAGENT PoshC2
2020-05-21BrightTALK (FireEye)Kimberly Goody, Jeremy Kennelly
@online{goody:20200521:navigating:a2eae5f, author = {Kimberly Goody and Jeremy Kennelly}, title = {{Navigating MAZE: Analysis of a Rising Ransomware Threat}}, date = {2020-05-21}, organization = {BrightTALK (FireEye)}, url = {https://www.brighttalk.com/webcast/7451/408167/navigating-maze-analysis-of-a-rising-ransomware-threat}, language = {English}, urldate = {2020-06-05} } Navigating MAZE: Analysis of a Rising Ransomware Threat
Maze
2020-05-12FireEyeJacob Thompson
@online{thompson:20200512:analyzing:2dceb57, author = {Jacob Thompson}, title = {{Analyzing Dark Crystal RAT, a C# backdoor}}, date = {2020-05-12}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html}, language = {English}, urldate = {2020-05-18} } Analyzing Dark Crystal RAT, a C# backdoor
DCRat
2020-05-07FireEye IncKimberly Goody, Jeremy Kennelly, Joshua Shilko
@online{goody:20200507:navigating:7147cb7, author = {Kimberly Goody and Jeremy Kennelly and Joshua Shilko}, title = {{Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents}}, date = {2020-05-07}, organization = {FireEye Inc}, url = {https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html}, language = {English}, urldate = {2020-05-11} } Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
Maze
2020-04-22FireEyeScott Henderson, Gabby Roncone, Sarah Jones, John Hultquist, Ben Read
@online{henderson:20200422:vietnamese:d9dc0db, author = {Scott Henderson and Gabby Roncone and Sarah Jones and John Hultquist and Ben Read}, title = {{Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage}}, date = {2020-04-22}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html}, language = {English}, urldate = {2020-04-26} } Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
METALJACK
2020-04-07FireEyeMichael Bailey
@online{bailey:20200407:thinking:7ee19d0, author = {Michael Bailey}, title = {{Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation}}, date = {2020-04-07}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/04/code-grafting-to-unpack-malware-in-emulation.html}, language = {English}, urldate = {2020-05-05} } Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation
Elise
2020-03-31FireEyeVan Ta, Aaron Stephens
@online{ta:20200331:its:632dfca, author = {Van Ta and Aaron Stephens}, title = {{It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit}}, date = {2020-03-31}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/03/the-cycle-of-adversary-pursuit.html}, language = {English}, urldate = {2020-04-06} } It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit
Ryuk TrickBot
2020-03-25FireEyeChristopher Glyer, Dan Perez, Sarah Jones, Steve Miller
@online{glyer:20200325:this:0bc322f, author = {Christopher Glyer and Dan Perez and Sarah Jones and Steve Miller}, title = {{This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits}}, date = {2020-03-25}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html}, language = {English}, urldate = {2020-04-14} } This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
Speculoos Cobalt Strike
2020-02-19FireEyeFireEye
@online{fireeye:20200219:mtrends:193613a, author = {FireEye}, title = {{M-Trends 2020}}, date = {2020-02-19}, organization = {FireEye}, url = {https://content.fireeye.com/m-trends/rpt-m-trends-2020}, language = {English}, urldate = {2020-02-20} } M-Trends 2020
Cobalt Strike Grateful POS LockerGoga QakBot TrickBot
2020-02-05FireEyeRick Cole, Andrew Moore, Genevieve Stark, Blaine Stancill
@online{cole:20200205:stomp:77ecf4b, author = {Rick Cole and Andrew Moore and Genevieve Stark and Blaine Stancill}, title = {{STOMP 2 DIS: Brilliance in the (Visual) Basics}}, date = {2020-02-05}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html}, language = {English}, urldate = {2020-02-09} } STOMP 2 DIS: Brilliance in the (Visual) Basics
MINEBIDGE
2020-01-17FireEyeWilliam Ballenthin, Josh Madeley
@online{ballenthin:20200117:404:cc95f5f, author = {William Ballenthin and Josh Madeley}, title = {{404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor}}, date = {2020-01-17}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html}, language = {English}, urldate = {2020-01-17} } 404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
NOTROBIN NOTROBIN
2020-01-14FireEyeNick Carr, Matt Bromiley
@online{carr:20200114:rough:1c149da, author = {Nick Carr and Matt Bromiley}, title = {{Rough Patch: I Promise It'll Be 200 OK (Citrix ADC CVE-2019-19781)}}, date = {2020-01-14}, organization = {FireEye}, url = {https://www.fireeye.com/blog/products-and-services/2020/01/rough-patch-promise-it-will-be-200-ok.html}, language = {English}, urldate = {2020-01-17} } Rough Patch: I Promise It'll Be 200 OK (Citrix ADC CVE-2019-19781)
NOTROBIN
2020-01-09FireEyeSandor Nemes, Zander Work
@online{nemes:20200109:saigon:d0a0c27, author = {Sandor Nemes and Zander Work}, title = {{SAIGON, the Mysterious Ursnif Fork}}, date = {2020-01-09}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/01/saigon-mysterious-ursnif-fork.html}, language = {English}, urldate = {2020-01-13} } SAIGON, the Mysterious Ursnif Fork
SaiGon
2019-12-12FireEyeChi-en Shen, Oleg Bondarenko
@online{shen:20191212:cyber:e01baca, author = {Chi-en Shen and Oleg Bondarenko}, title = {{Cyber Threat Landscape in Japan – Revealing Threat in the Shadow}}, date = {2019-12-12}, organization = {FireEye}, url = {https://www.slideshare.net/codeblue_jp/cb19-cyber-threat-landscape-in-japan-revealing-threat-in-the-shadow-by-chi-en-shen-ashley-oleg-bondarenko}, language = {English}, urldate = {2020-04-16} } Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech
2019-10-31FireEyeRaymond Leong, Dan Perez, Tyler Dean
@online{leong:20191031:messagetap:823e994, author = {Raymond Leong and Dan Perez and Tyler Dean}, title = {{MESSAGETAP: Who’s Reading Your Text Messages?}}, date = {2019-10-31}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html}, language = {English}, urldate = {2019-12-18} } MESSAGETAP: Who’s Reading Your Text Messages?
MESSAGETAP
2019-10-15FireEyeTobias Krueger
@online{krueger:20191015:lowkey:aab2f5e, author = {Tobias Krueger}, title = {{LOWKEY: Hunting for the Missing Volume Serial ID}}, date = {2019-10-15}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2019/10/lowkey-hunting-for-the-missing-volume-serial-id.html}, language = {English}, urldate = {2019-12-10} } LOWKEY: Hunting for the Missing Volume Serial ID
LOWKEY poisonplug